Beware LeakerLocker: Ransomware That Locks Your Mobile
Fresh on the heels of the malware best known as WannaCry , new ransomware threatens to lock your device and send private information to your family and friends.
It’s as if you can’t go a month without a new strain of malware hitting the headlines. Admittedly, while relatively few are actually victims, it’s a catch-22: fear of ransomware is why it’s always big news, but media attention only heightens this.
Nonetheless, this is a particularly nasty threat that you need to know about right now.
What Is LeakerLocker?
You’ll likely be pretty familiar with ransomware : it’s malicious software that encrypts all your data and only allows you access if you pay a ransom . Except a lot of cybercriminals won’t even unencrypt your files, instead demanding more money.
LeakerLocker is slightly different, in that it locks your home screen but doesn’t encrypt everything you’ve got on your device. It’s still ransomware, however, because it warns that it’s gathering your browser data, text messages, call history, location information, emails, social media messages, and photos. It states that, without paying up, it will leak all this private data to your contacts.
If ransomware is defined by its ability to take dominance over a large proportion of your life and blackmail you to get it back, LeakerLocker fills these criteria perfectly.
It’s actually ingenious. The fee asked isn’t as substantial as most ransomware. It’s $50. That’s a fair amount, but not enough to price itself out of the market. People will be distraught, but will also figure, it’s “only” $50.
The ransom has to be paid via credit card, and within 72 hours. If the payment is successful, victims are told that their personal information is safe; if not, it informs you that “Your privacy is in danger.”
It’s worth noting that, should payment be successful , you’ve proved to scammers that you’re willing to pay. It assures you that the danger is over. But that doesn’t mean you won’t be held to ransom in the same way again.
How Does It Infect Devices?
Security firm, McAfee discovered the malware in two apps via the Google Play store. It runs on Android phones as Android/Ransom.LeakerLocker.A!Pkg. The malicious apps are “Wallpapers Blur HD”, downloaded between 5,000 and 10,000 times, and “Booster & Cleaner Pro”, downloaded up to 5,000 times.
— Beebom (@beebomco) July 15, 2017
The former appears to be a pretty standard service that offers a number of wallpapers for your lock and home screens. The latter, meanwhile, purports to be an “Optimizer, Junk Cleaner, Speed Booster, App Manager, and Battery Saver” — essentially, it’s supposedly maintenance software. And indeed, it does that, while hiding its further malicious function.
They both have typically positive reviews, “Booster & Cleaner Pro” in particular, boasting a 4.5/5 rating. Of course, many of these are fraudulent reviews .
Avast is also reporting that “Call Recorder”, which supposedly does exactly what it says on the tin, is infected with LeakerLocker.
The apps seek permission to a wide range of other features; while you might be sceptical about allowing a wallpaper app access to, say, your social networking accounts, you could understand why the Booster one requires such things, seeing as it apparently aims to save your battery .
Is it as Bad as it Sounds?
Yes, and no.
Anyone who has downloaded those apps will naturally feel victimised. The threat of all your private information being leaked online is bad enough, without considering that it ends up in the hands of your family and friends.
McAfee has tried to reassure users:
“Not all the private data that the malware claims to access is read or leaked. The ransomware can read a victim’s email address, random contacts, Chrome history, some text messages and calls, pick a picture from the camera, and read some device information.”
But that’s not a great comfort. It might not be able to read everything it claims, but it can read some of what it says it can. Certainly, the potential 15,000 victims won’t see much to be relieved about here.
— Avast Threat Labs (@AvastThreatLabs) July 14, 2017
Equally, no exact numbers are known as to whether details really have been leaked, or, indeed, if any have been at all. It’d be churlish to call this an empty threat, but it’s not affected the masses just yet either.
Google is currently investigating the two apps, but who knows whether more are still lurking in the Play store?
Does it Affect Any Other Operating Systems?
Most people won’t be affected by LeakerLocker, even if they’re on Android. Still, a survey in 2015 found that 97% of malware targets that particular Operating System (OS).
Android is open-source, so developers using the complex C++ programming , or Java can insert malicious code. In most cases, you’re only compromised if you use third-party apps , not verified through the official store, but as LeakerLocker proves, malware does slip through.
As for other phones, arguably the two most popular alternatives — Windows Mobile 10 and Apple — vet all apps through their strict respective stores. They use the “sandbox” or “walled garden” approach, which stops apps interacting with each other without permissions from the user.
Except malicious apps seek authorization on Android too.
You have to weigh up which you consider the most secure mobile OS , decide whether a jailbroken phone is right for you, and then whether individual apps really need access to other features.
If LeackerLocker exists on other OS, it’s not been discovered yet. As ransomware has no reason for hiding itself, potential victims would surely have come forward by now. Still, that doesn’t mean it can’t infect iPhones, for instance, in the future.
How Can You Protect Yourself?
Google is investigating, so you won’t be able to download “Wallpapers Blur HD” or “Booster & Cleaner Pro”, even if you had some bizarre reason for wanting to.
LeackerLocker might be running in the background of further apps , however. Forget the myths: you also need security software on your smartphone . Keeping your OS up-to-date will also patch any holes found.
If you do fall victim, do not pay the ransom. $50 might seem tempting, but it encourages the scammers. Think of it this way: you’re handing money to criminals in order for them to scam more people.
With a distinct lack of reported incidents, it’s questionable whether any personal information will be leaked regardless.
Are you worried about LeakerLocker? Have you been affected already? And what did you do?
Image Credit: robbin lee via Shutterstock.com